from typing import Literal from fastapi import Header, HTTPException from pydantic import BaseModel class AuthUser(BaseModel): username: str role: Literal["admin", "sensitive_admin"] def issue_token(user: AuthUser) -> str: return f"dev-token::{user.username}::{user.role}" def parse_token(token: str) -> AuthUser | None: parts = token.split("::") if len(parts) != 3 or parts[0] != "dev-token": return None username = parts[1] role = parts[2] if role not in {"admin", "sensitive_admin"}: return None return AuthUser(username=username, role=role) def get_current_web_user(authorization: str | None = Header(default=None)) -> AuthUser: if not authorization or not authorization.lower().startswith("bearer "): raise HTTPException(status_code=401, detail="Missing bearer token") token = authorization[7:] user = parse_token(token) if user is None: raise HTTPException(status_code=401, detail="Invalid token") return user